Jenkins - Code Coverage Api CVE

Filtered by vendor Jenkins Subscribe

Filtered by product Code Coverage Api

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2020-2172	1 Jenkins	1 Code Coverage Api	2020-04-07	4.0 MEDIUM	6.5 MEDIUM
Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
CVE-2020-2106	1 Jenkins	1 Code Coverage Api	2020-01-30	3.5 LOW	5.4 MEDIUM
Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the filename of the coverage report used in its view, resulting in a stored XSS vulnerability exploitable by users able to change job configurations.

Vulnerabilities (CVE)